DNS attacks cost finance firms millions of pounds a year

The average cost of recovering from a single DNS attack is £711,069 – $924,390 for a large financial services company a new survey.

The costs of restoring services after a DNS (Domain Name System) attack are higher for financial services firms than for companies in any other sector.

According to a survey of 1,000 large financial services firms in Europe, North America and Asia Pacific, the average cost of recovering from a single DNS attack is $924,390 for a large financial services company.

The survey, carried out by network automation and security supplier EfficientIP, and its subsequent 2018 Global DNS threat report found that the average cost of recovery for such finance firms had increased by 57% compared with last year.

It also revealed that financial services firms suffered an average of seven attacks each last year, and 19% of them were attacked more than 10 times.

The survey found that finance firms took an average of seven hours to mitigate a DNS attack and 5% of them spent a total of 41 working days mitigating attacks in 2017. More than a quarter (26%) lost business because of the attacks.

The most common problems caused by DNS attacks are cloud service downtime, compromised websites and internal application downtime.

“The DNS threat landscape is continually evolving, impacting the financial sector in particular,” said David Williamson, CEO at EfficientIP. “This is because many financial organisations rely on security solutions that fail to combat specific DNS threats.

“Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.”

Types of DNS attack include:

Zero day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.
Cache poisoning – the attacker corrupts a DSN server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.
Denial of service – an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.
Distributed denial of service – the attacker uses a botnet to generate huge amounts of resolution requests to a targeted IP address.
DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread the attack to other DNS servers.
Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order redirect DNS requests and avoid detection.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 03333 393 139 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Cyber security criminals outspend businesses in security battles

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Research from Carbon Black carried out in August also asked 250 UK-based CIOs, CTOs and CISOs about the attacks they faced over the past 12 months.

In total, 92% of UK businesses have had cyber security breaches in the past year and nearly half off those reported falling victim to multiple breaches (three to five times in the past year).

A total of 82% of respondents said they have experienced more attacks this year than last year. In the financial services sector, 89% said this is the case, while 83% of government organisations and 84% of retailers had also experienced an increase in the number of attacks.

Malware was the most common attack on the UK organisations surveyed, with about 28% experiencing at least one such attempted breach. Ransomware was the next most common, with 17.4% reporting at least one attack.

“Following a global trend, cyber attacks in the UK are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage fileless attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected,” said the report. “This issue is compounded by resources and budgeting. Not only is there a major talent deficit in cyber security, there is also a major spending delta.”

The report found that IT leaders believe Russia and China to be the source of the vast majority of cyber attacks, but it identified North America as the starting point for more attacks than Iran and North Korea combined.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

LORCA to help drive UK cyber exports

LORCA – the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

LORCA - the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

A key part of the ambition for London’s £13.5m government-funded cyber innovation centre is that it will help drive UK exports, according to Robert Hannigan, former head of GCHQ.

“We hope that companies founded and given a boost and support in going to market will also go to market overseas,” he said at the official opening of the centre – to be known as the London Office for Rapid Cybersecurity Advancement (Lorca).

“The government’s ambition is very clearly to make the UK a leader in cyber security exports, and I see massive potential out there in countries around the world that need a variety of different solutions,” said Hannigan, who will lead Lorca’s industry advisory board.

“We know we have great talent, potential and possibilities, and bringing it all together was the challenge for government and what has led to this [cyber security innovation] centre,” he said.

The centre will play an important role in bringing together the many good innovators and incubators across the UK and provide a focal point for interacting with government, said Hannigan.

Lorca will also bring together cyber security innovators with academics in the field, with various industry sectors – starting with the cyber security-leading finance sector, with other technical and non-technical disciplines, and with international partners.

“This centre has links to the US, Israel and Singapore, and convening the three most prominent cyber security industry centres in the world is going to be very powerful in magnifying the value of this centre,” said Hannigan.

Commenting further on the potential for cyber security exports, Hannigan said there is a “massive market” out there because there are many economies that are some way behind the cyber security technology front-runners that are looking for solutions.

“There is massive potential, we have got some great companies, the UK has a good reputation and we should capitalise on that because if we put all that together and get it right, we will have a booming cyber security export industry,” he said.

“There is a lot of private sector capital looking to invest in cyber. So there is no shortage of capital, it is all about finding the right vehicle, and Lorca will help with that. But there is no reason why, in the future, there shouldn’t be more initiatives along the same lines.”

For this reason, Hannigan believes there is room for many more initiatives aimed at supporting cyber security entrepreneurs.

“There is no competition between incubators and accelerators within the UK – the more the merrier,” he said, explaining that each has something different to offer, with Lorca being more industry-focused with international links, for example, and the GCHQ accelerator and innovation centre in Cheltenham being more focused on national cyber security.

The government funding for Lorca will also promote its role as a convening body for other accelerators and incubators as a “useful way of amplifying the UK’s overall cyber security offering, particularly overseas, said Hannigan.

Fifth of businesses would pay ransoms rather than in security

One fifth of UK business executives from non-IT functions would pay hackers’ ransom demands to cut costs rather than invest in information security.

One fifth of UK business executives from non-IT functions would pay hackers’ ransom demands to cut costs rather than invest in information security.

According to the latest report commissioned by NTT Security they say that businesses are still making the same mistakes, failing to make any progress in crucial areas such as cyber security awareness and preparedness

The report shows that a further 30% in the UK are not sure whether they would pay or not, suggesting that only about half are prepared to invest in security to proactively protect the business.

This means many businesses are still stuck in a reactive mindset when it comes to cyber security.

The findings are particularly concerning, the report said, given the growth in ransomware, as identified in NTT Security’s Global Threat Intelligence Report (GTIR), published in April. According to the GTIR, ransomware attacks surged by 350% in 2017, accounting for 29% of all attacks in Europre, the Middle East and Africa and 7% of malware attacks worldwide.

Levels of confidence about being vulnerable to attack also seem unrealistic, according to the report, with 41% of respondents in the UK claiming that their organisation has not been affected by a data breach.

More realistically, 10% of UK respondents expect to suffer a breach, but nearly one-third (31%) do not expect to suffer a breach at all.

More worrying, the report said, is the 22% of UK respondents who are not sure whether they have suffered a breach or not.

Given that just 4% of respondents in the UK see poor information security as the single greatest risk to their business, this is unsurprising, the report said. Only 14% regard Brexit as the single greatest business risk; the list of concerns was topped by competitors taking market share (24%) and budget cuts (18%).

When considering the impact of a breach, UK respondents are most concerned about what a data breach will do to their image, with almost three-quarters (73%) concerned about loss of customer confidence and damage to reputation (69%), which are the highest figures among the countries polled.

The estimated loss in terms of revenue is 9.72% (compared with 10.29% globally, up from 9.95% in 2017). .

The report found there is no clear consensus on who is responsible for day-to-day security, with 19% of UK respondents saying the CIO is responsible, compared with 21% who said the CEO, 18% the CISO and 17% the IT director.

A key area of concern, according to the report, is whether there are regular boardroom discussions about security, with 84% of UK respondents agreeing that preventing a security attack should be a regular item on the board’s agenda. Yet only about half (53%) admit that it is and a quarter do not know.

With a lack of cohesion at the top, organisations are still struggling to secure their most important digital assets, the report said.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Skills shortage a major cyber security risk for small businesses

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

The proportion of information security professionals who feel organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18% in the past three years, the survey by not-for-profit industry body, the Institute of Information Security Professionals (IISP) has revealled.

Security industry leaders are increasingly putting emphasis on cyber resilience based on good detection and response capabilities, rather than relying mainly on defence technologies and controls.

“These results reflect the difficulty in defending against increasingly sophisticated attacks and the realisation breaches are inevitable – it’s just a case of when and not if,” said Piers Wilson, director at the IISP.

“Security teams are now putting increasing focus on systems and processes to respond to problems when they arise, as well as learning from the experiences of others.”

When it comes to investment, the survey suggests that for many organisations, the threats are outstripping budgets in terms of growth. The number of businesses reporting increased budgets dropped from 70% to 64% and businesses with falling budgets increased from 7% up to 12%.

According to the IISP, economic pressures and uncertainty in the UK market are likely to be restraining factors on security budgets, while the demands of the General Data Protection Regulation (GDPR) and other regulations such as Payment Services Directive (PSD2) and Networks and Information Systems Directive (NISD) are undoubtedly putting more pressure on limited resources.

The survey report highlights the problem of skills shortages with the proportion of respondents reporting a dearth of skills as a challenge growing to 18%, up from just 8% in 2015.

While acting as a potential brake on capability, the skills shortage is also driving job prospects year-on-year, reflected in a growth of respondents in all the higher salary bands and in those reporting good job and career prospects.

“This year’s survey further highlights the continued need for industry, government, academia and professional bodies like the IISP to continue to work to resolve these shortages in skills across all levels and disciplines,” said Amanda Finch, general manager at the IISP.

“We have seen AI and machine learning used in defensive security systems for some time and this is now starting to become part of a wider automation approach,” said Wilson. “But like the IoT, AI can also be exploited by cyber criminals, so we need to have the people and technologies to respond and mitigate these emerging risks.”

The IISP represents more than 8,000 individuals across private and government sectors, 41 corporate member organisations and 22 academic partners.

As well as surveying its members, the IISP opened the survey up to non-member security professionals, representing a wide range of ages, experience and industry sectors.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Top cyber security criminals earn up to £1.5m a year study shows

Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.
Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.

Cyber security criminals are acquiring, laundering, spending and reinvesting about £1.1 trillion in profits a year, research has revealed.

The highest earning cyber criminals are making up to £1.5m a year, almost as much as a FTSE250 CEO, according to a study commissioned by Bromium.

Mid level cyber criminals make up to £639,000, which is more than double the US president’s salary, while entry level cyber criminals make about £30,000, which is significantly more than the average UK graduate, the research noted.

The findings on how much cyber criminals earn from their illegal activities and what they spend their profits on are part of an 11-month study into the macro economics of cyber crime and how the various elements link together. It has been led by Michael McGuire, senior lecturer in criminology at Surrey University.

The report highlights how cyber crime has become a booming economy, and reveals cyber criminal links to drug production, human trafficking and even terrorism.

The use of ransomware, crime-as-a-service, data theft, illicit online marketplaces and trade secret/IP theft are helping cyber criminals generate huge revenues with relative ease, the report said.

According to the research the cyber security industry, business and law enforcement agencies need to come together to disrupt cyber criminals and cut off their revenue streams. By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder.

Data gathered by the research team through first-hand interviews with 100 convicted or currently engaged cyber criminals, law enforcement agencies and financial institutions, combined with dark web investigations, reveals that 15% of cyber criminals spend most of their money on immediate needs, such as paying bills.

One fifth of cyber criminals focus their spending on drugs and prostitution, 15% spend to attain status or impress, but 30% convert some of their revenue into investments. Some 20% spend at least some of their revenue on reinvestments in further criminal activities, such as buying IT equipment.

The proceeds of cyber crime fuel other crimes, such as terrorism and human trafficking, the report said, much like a legitimate business reinvests profits to expand while also contributing towards core philanthropic values.

The research showed that cyber criminals are reinvesting their money to grow their own business, but also to promote other types of crime. Terrorism, human trafficking, drugs manufacturing and firearms trading have all been beneficiaries of cyber crime.

A lot of cyber criminals spend their money on increasing their status, whether that be with peers or romantic interests.

One individual in the UK, who made around £1.2 million per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could ‘arrive in style’ at casinos and hotels.

Another UK cyber criminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cyber criminals are able to spend their illicit gains. There is an ever-growing market that is almost tailor-made for cyber criminals to make these ostentatious purchases with little to no regulation or oversight.

So if you want to avoid funding these criminals and save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139